2 posts tagged with "vulnerability"

Wordfence's February 9-15, 2026 report is a reminder that WordPress security is not a reading hobby. It is an operations loop. Sites that treat it like newsletter content are volunteering for downtime.

I tore apart CVE-2025-9318 — a critical SQL injection in the Quiz and Survey Master WordPress plugin affecting every version up to 10.3.1. Classic $wpdb concatenation, trivially exploitable by any authenticated subscriber.